Sourced from com.alibaba.nacos:nacos-client's releases.

2.4.0-BETA (Jun 6th, 2024)

This version is an important version which support many new features.

The most mainly feature is Nacos support maintainer to initialize the admin user nacos password instead of using default password to improve the default security for deploy nacos clusters.

And other mainly features are support TLS Grpc communication between Nacos cluster nodes as an optional feature to improve Nacos security, which means nacos not only support TLS communication between client and server; What's more, Nacos start to support user extend Selector before callback Subscriber for naming module, not only can select instance of services by healthy and clusters. And Nacos client support callback service diffs by new event to reduce Subscriber cache and compare logics.

Third mainly features are support some configs usages in Nacos console and support more enhancement usage for plugins, such as support add all metadata to prometheus sd protocol and support aliyun ram v4 signature.

In addition to substantial feature updates, this version also fixes some bugs from previous versions and upgrades certain dependencies with security vulnerabilities.

Detail see:

Feature

#10374 Support naming custom selectors and support service diff events. #11456 Support TLS Grpc communication between Nacos cluster nodes. #11847 Nacos console support publish config with cas. #11943 Record users for import configs. #11957 Remove default password for user nacos. #12130 Add metadata as labels in prometheus http sd. #12162 Support aliyun ram v4 signature method.

Enhancement&Refactor

#11956 Refactor nacos client logging module, use SPI load current logger adapter. #12013 Enhance to fast config Nacos memory setting in startup.sh by environment CUSTOM_NACOS_MEMORY. #12072 Support does not impose any limit when totalCountLimit is less than 0. #12166 Enhance nacos client init properties logger. #12177 Update console header link to new nacos.io.

BugFix

#10639 Fix the encrypted_data_key is text type so that old version can't upgrade directly. #11902 Fix leak of request and response for java native runtime for nacos-client. #11926 Fix Nacos can't triggle self protection when disk full in some OS. #11951 Fix the problem that the serviceName and groupName are not resolved correctly when deleting an empty service instance. #11967 Fix Config can't publish and listen when dataId contains some special words in Window OS. #11968 Fix Multiple config change plugin implementation configuration conflicts problem. #12022 Fix nacos datasource plugin ClassCastException problem. #12046 Fix cipher-aes config encrypt plugin not effect when publish config again. #12060 Fix too large ttl when auth disabled. #12146 Fix the operation type does not display when rolling back a configuration with a delete operation type. #12168 Fix the labels of the query conditions on the Permission Control - Role Management page are still displayed in Chinese after switching the system language to English.

Dependency

#11904 Bump Spring Security to 5.7.12. #11975 Remove unused dependency javatuple. #11980 Bump spring framework to 5.3.34. #12135 Upgrade module naocs-console from junit4 to junit5.

New Contributors

• @​ldyedu made their first contribution in alibaba/nacos#10905

... (truncated)

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)